DoD's Unified Capabilities strategy aims to help all users work with voice, data, and video in a secure and flexible environment. (DoD)
With cyber threats growing more frequent and dangerous, the military is rapidly transitioning toward an everything-over-IP strategy in an effort to secure collaboration at the enterprise level.
At the heart of the Defense Department’s plan is a Unified Capabilities strategy that aims to integrate existing collaboration platforms into a single IP — Internet protocol — environment.
The Pentagon’s timetable calls for enterprisewide UC adoption by fiscal 2016. Under the UC umbrella, the agency plans to deploy IP-based solutions supporting voice-, data- and video-sharing capabilities with the goal of ensuring seamless and secure joint collaboration among the military services, combatant commands and defense agencies.
“Declining budgets have slowed progress toward planning and engineering the UC solution set, and depending on how long the DoD goes without an appropriation in fiscal year 2014, may delay the acquisition and implementation effort as our abilities to award contracts or begin any new efforts are seriously restricted until an appropriations bill is passed,” said Jeremy Hiers, project director, enterprise services for Army PEO Enterprise Information Systems at EIS in Fort Belvoir, Va.
The primary obstacle to implementing UC will be deploying sufficiently sized and available networks across the DoD enterprise, even to units at the tactical edge where bandwidth and network capacity are often constrained.
“Most of the Army’s network communications still take place over antiquated legacy switching and routing hardware,” Hiers said. “The key to the UC strategy is the upgrade of the Army’s network infrastructure, which includes implementation of MPLS routers.” The new MPLS — multiprotocol label switching — routers have a larger routing capacity and more efficiently manage network traffic flow.
“The implementation of this in fiscal year 2014 will lay the foundation for implementing end-to-end UC,” Hiers said.
“DoD can’t compromise on security,” said Mike Younkers, senior director of systems engineering for Cisco Systems’ U.S. Federal team.
Yet securing UC against an almost endless array of ever-evolving threats launched by shadowy groups and individuals creates unique design and operational challenges. Since commercial enterprise customers don’t require the same level of security as DoD, technologies required to fully protect the UC environment are scarce and, in some instances, simply not available. Still, progress is beginning to be made, Younkers said.
“Industry is starting to ubiquitously provide support for [Personal Identity Verification/Common Access Card] readers, for example, and underlying operating systems are being properly hardened to pass the DoD information assurance process,” he said.
“When acquiring and implementing the UC solution set, we will take a ‘defense in depth’ approach to testing and accrediting the solution, much like we would for implementation of any other enterprise level system,” Hiers said.
The approach, he said, requires the coordinated use of multiple network security countermeasures. Solutions must be on the Approved Products List and go through a stringent information assurance and interoperability certification process.
The biggest challenge vendors face, Younkers said, is dealing with DoD requirements that sometimes don’t quite match the product they are being applied to.
“We’re hoping that DoD’s alignment with NIST 800-53 and an overhaul of the IA controls and accreditation process used by DoD is going to help,” Younkers said.
One important change Younkers is looking forward to is DoD’s adoption of the Common Vulnerabilities and Exposures reference method for publicly known system weaknesses.
“[These] are recognized industrywide in lieu of DoD’s proprietary [information assurance vulnerability management] process,” Younkers said. Additionally, as commercial off-the-shelf products grow more secure via initiatives like Security Enhanced Android (a National Security Agency effort to identify and address critical gaps in the security of Google’s mobile operating system), “DoD will finally have a secure, mobile platform to build on top of and can leverage UC on the move,” Younkers said.
Agility — the ability to react quickly and capably to emerging threat vectors — poses a major challenge to the UC strategy’s long-term success.
“With the traditional way of testing, validating, acquiring and managing communications systems, DoD will never keep up with technology, to include threats,” Younkers said, adding that “we’re excited about” some new validation approaches.
By closely collaborating with DoD technology experts, industry partners can achieve agile validation and deployment, said Bill Laurie, director and vice president of DoD programs for Avaya’s government solutions unit.
“We test and make sure that our specific applications don’t create new security vulnerabilities that haven’t already been assessed and/or addressed,” he said. “If something new comes up, we work with the folks at the information test command, with DISA, and ultimately with the end users to make sure that any vulnerabilities that may be discovered are either acceptable in their environment, based on the way they planned to deploy the solution, or we agree mutually whether there’s some kind of mitigation or remediation that needs to be developed.”
DoD also faces the challenge of ensuring interoperability with existing military communications capabilities and enabling end-to-end communications through all phases of military operations, including seamless access from a unit’s home station all the way to the tactical edge in a theater of operation.
“These challenges can be overcome through the partnership that has been established between the Army, Air Force, and DISA to jointly design, acquire, and implement a single UC solution set,” Hiers said. “Having a single unified strategy will enable a more interoperable and complete solution that supports the full scope of military operations.”